Product:

Active_iq_unified_manager

(Netapp)
Date Id Summary Products Score Patch Annotated
2022-08-23 CVE-2021-3800 A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition. Debian_linux, Glib, Active_iq_unified_manager 5.5
2022-08-24 CVE-2021-4209 A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. Gnutls, Active_iq_unified_manager, Hci_bootstrap_os, Solidfire_\&_hci_management_node, Enterprise_linux 6.5
2022-08-25 CVE-2022-23235 Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and Active IQ Unified Manager specific information via AutoSupport telemetry data that is sent even when AutoSupport has been disabled. Active_iq_unified_manager 5.3
2022-08-29 CVE-2022-1199 A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability. Linux_kernel, Active_iq_unified_manager, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Enterprise_linux 7.5
2022-08-31 CVE-2022-1259 A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629. Active_iq_unified_manager, Cloud_secure_agent, Oncommand_insight, Oncommand_workflow_automation, Build_of_quarkus, Integration_camel_k, Jboss_enterprise_application_platform, Openshift_application_runtimes, Single_sign\-On, Undertow 7.5
2022-08-31 CVE-2022-1319 A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG. Active_iq_unified_manager, Cloud_secure_agent, Oncommand_insight, Oncommand_workflow_automation, Openshift_application_runtimes, Single_sign\-On, Undertow 7.5
2022-09-01 CVE-2022-2764 A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations. Active_iq_unified_manager, Cloud_secure_agent, Oncommand_insight, Oncommand_workflow_automation, Integration_camel_k, Jboss_enterprise_application_platform, Jboss_fuse, Single_sign\-On, Undertow 4.9
2022-09-09 CVE-2022-2526 A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later. Active_iq_unified_manager, H300s_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Systemd 9.8
2022-09-21 CVE-2022-38177 By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. Debian_linux, Fedora, Bind, Active_iq_unified_manager 7.5
2022-09-21 CVE-2022-38178 By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. Debian_linux, Fedora, Bind, Active_iq_unified_manager 7.5